What are the NarcoFiles?
NarcoFiles: The New Criminal Order is an international investigation into modern-day organized crime and those who fight it. A collaboration between more than 40 media outlets, it is the largest investigative project on organized crime to originate in Latin America, a region hit hard by drug trafficking and the violence and corruption that come with it.
The project was sparked by a leak of emails from the Colombian prosecutor’s office, known as Fiscalía General de la Nación. The leak was shared last year with OCCRP and several Latin American outlets, including Cerosetenta / 070, Vorágine, and the Centro Latinoamericano de Investigación Periodística (CLIP).
OCCRP collated the data and brought in media organizations from 23 countries across the Americas and Europe to analyze the contents. The resulting stories provide a rare window into how criminal groups are collaborating, communicating, and innovating in a globalized world.
Where does the leak come from?
In 2022, a group of “hacktivists” known as Guacamaya obtained the emails by breaking into Microsoft Exchange Server, a platform used by the Colombian prosecutor’s office. In a press release attributed to the collective, Guacamaya said they had targeted institutions they accused of enabling corruption and organized crime.
Microsoft had asked its clients to install a security update earlier in the year, but many companies and institutions in Latin America failed to do so. Guacamaya was able to exploit the resulting unpatched vulnerability to hack the prosecutor’s office as well as several other military and police institutions, regulatory agencies, and companies across Latin America.
They shared the data with two organizations: Distributed Denial of Secrets, a collective that distributes and archives leaked data of public interest; and Enlace Hacktivista, a web page that publishes information about hacking tools and news. These two groups shared the leak with OCCRP and several Latin American media outlets.
The Colombian prosecutor’s office launched a criminal investigation into the breach in October 2022. The office also said it was looking into the contractor in charge of its IT infrastructure. In January this year, Deputy Prosecutor Martha Mancera said the office was taking measures to tighten cybersecurity.
OCCRP and its partners in Colombia contacted the prosecutor’s office to request an interview and sent a set of questions about the leak. By the time of publication, the office had not responded.
What’s in the leak?
At five terabytes, the leak contains more than seven million emails from the Colombian prosecutor’s office, including correspondence with embassies and other authorities around the world. The files — which also comprise audio clips, PDFs, spreadsheets, and calendars — date to 2001, though most of the information is concentrated between 2017 and 2022.
Documents in the leak reveal rare details about the inner workings of transnational criminal gangs and law enforcement’s efforts to dismantle them. In their stories, reporters explored six main themes:
- Criminal Empires investigates how organized crime groups have fanned out around the globe, permeating economies, corrupting authorities, and expanding their reach across borders.
- Narcotics Inc. looks at how criminal gangs are innovating and evolving their business models in the face of new economic incentives and opportunities for experimentation.
- Drowning in Drugs dives into the murky world of commercial ports that have become a hotbed of criminal activity, from Antwerp and Rotterdam to Gioia Tauro, Guayaquil, Santa Marta, and Limón.
- Dark Money investigates underground flows of illicit drug profits and the financial professionals who help enable these crimes.
- Green Crimes exposes the environmental impact of organized crime, and how its activities are destroying wildlife, polluting rivers, and threatening protected areas.
- Police and Thieves looks at the role of law enforcement agencies who are on the front lines in the fight against organized crime — but sometimes become part of the problem.
How did reporters verify information found in the leak?
To confirm the leak’s authenticity, reporters cross-checked identifying data, such as court case numbers, with publicly available information. National identification numbers were checked against public databases, and company names and ownership information were verified in corporate registries. The names of prosecutors and agents were also checked on agency webpages.
To further corroborate the data, reporters filed public information requests, reviewed hundreds of public and private documents and databases, and interviewed police, convicted criminals, experts, and victims of the drug trade.
After sorting through the emails, reporters identified leads that were used as starting points for further investigation. In most cases, documents from the leak ended up comprising only a small portion of the sources used in each story. Measures were also taken to protect third parties and to avoid disrupting ongoing investigations.
Why did OCCRP and its partners decide to report on this leak?
Organized crime fuels corruption, devastates the environment, sows inequalities, and slows economic development. That is why it is essential for investigative journalism to expose the people behind drug trafficking and other criminal activities and show how they operate.
In Colombia, citizens have the right to access information of public interest, and media outlets have the right to publish this information, regardless of the source. One of the country’s highest tribunals, the Constitutional Court, has ruled that no sources are inherently off limits for journalists.
Jonathan Bock, director of the Foundation for Press Freedom, a Colombian advocacy organization known by its Spanish acronym FLIP, told OCCRP that “the right to freedom of expression means that the media have the right to disseminate information according to their own editorial criteria, as long as they act in compliance with the law and under [the principles of] journalistic responsibility.”
Journalists from more than 40 media outlets published investigations in the NarcoFiles project. The organizations include:
- Agencia Ocote (Guatemala)
- Aristegui Noticias (Mexico)
- Armando.info (Venezuela)
- Berlingske (Denmark)
- BIRD (Bulgaria)
- Cerosetenta / 070 (Colombia)
- Centro Latinoamericano de Investigación Periodística (Latin America)
- CNN en Español (United States)
- Con Criterio (Guatemala)
- Contracorriente (Honduras)
- Cuestión Pública (Colombia)
- De Tijd (Belgium)
- Der Standard (Austria)
- Die Dunkelkammer (Austria)
- El Universal (Mexico)
- Expresso (Portugal)
- Frontstory.pl (Poland)
- Het Parool (Netherlands)
- InfoLibre (Spain)
- InSight Crime (Latin America)
- Investigace.cz (Czech Republic)
- IrpiMedia (Italy)
- Knack (Belgium)
- La Prensa (Panama)
- Mexicanos Contra la Corrupción y la Impunidad (Mexico)
- Miami Herald (United States)
- Mongabay Latam (Latin America)
- Narcodiario (Spain)
- No Ficción (Guatemala)
- Ojoconmipisto (Guatemala)
- OjoPúblico (Peru)
- Paper Trail Media (Germany)
- piauí (Brazil)
- PlanV (Ecuador)
- Plaza Pública (Guatemala)
- Profil (Austria)
- Quinto Elemento Lab (Mexico)
- Siena (Lithuania)
- SVT (Sweden)
- Univisión (United States)
- UOL (Brazil)
- Verdad Abierta (Colombia)
- Vorágine (Colombia)
- ZDF (Germany)
Fact-checking was provided by the OCCRP Fact-Checking Desk.